#8371 (to_json cross site scripting security issue (XSS)) - Rails Trac - Trac
Description To json is almost only used for injecting object hashes into javascript. var client = <%= client.to_json %>; Because to_json does not escape its values, it's easy to construct a Cross Site Scripting exploit. If client has a name attribute, to_json will come up with something like: var client = {attributes: {name: "TEST"}}; If we change the name to say: TEST"}}; alert('XSS!!') ;a={{" we
JavaScriptエスケープã«ã¤ã„ã¦è«–考 - hoshikuzu | star_dust ã®æ›¸æ–Ž
http://d.hatena.ne.jp/hoshikuzu/20060130#P20060130BARSFAKE http://d.hatena.ne.jp/amachang/20071010/1192012056 (IT戦記 - 一行㧠IE ã® JavaScript を高速化ã™ã‚‹æ–¹æ³•) ã¯ã˜ã‚㫠次ã®ã‚ˆã†ãªé™å®šã•ã‚ŒãŸã‚±ãƒ¼ã‚¹ã«ãŠã„ã¦ãªã®ã§ã™ãŒã€‚説明上ã®éƒ½åˆã§ã“れを課題Aã¨å‘¼ã¶ã“ã¨ã¨ã—ã¾ã™ã€‚ <SCRIPT TYPE="text/javascript"> <!-- var strA = "$data"; // ・・・以下サイトé‹å–¶è€…ã«ã‚ˆã‚‹å‡¦ç†è¨˜è¿°ä¾‹ alert(0); //--> </SCRIPT>上記ã®ã‚ˆã†ãªã‚±ãƒ¼ã‚¹ã«é™å®šã—ã¦ã®ã‚ªãƒãƒŠã‚·ã§ã™ã‘ã‚Œã©ã€$dataをエスケープã™ã‚‹æ–¹å‘ã§ã®XSS対ç–ã¨ã—ã¦é‡‘床ã•ã‚“ãªã©ã«ã‚ˆã£ã¦ã‹ã¤ã¦è«–è°ã•ã‚Œã¦ã€ã“ã®ã¾ã¾ã§ã¯ä½¿ãˆãã†ã«ãªã„ã¨æ£„å´ã•ã‚ŒãŸJavaScr
1
メンテナンス
ãŠçŸ¥ã‚‰ã›
障害
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
処ç†ã‚’実行ä¸ã§ã™
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
{{#tags}}- {{label}}
{{/tags}}